Technical Overview
NetSepio’s dVPN service, Erebrus, uses the robust WireGuard protocol to establish a secure and anonymous tunnel for user traffic. Here's a breakdown of the key technical aspects:
Modern Cryptography:
WireGuard employs state-of-the-art cryptographic primitives to ensure data confidentiality and integrity. These include:
ChaChaPoly for Encryption: This stream cipher offers strong encryption with excellent performance, making it ideal for resource-constrained devices.
Curve25519 for Key Exchange: This elliptic curve cryptography scheme facilitates secure key exchange between user devices and dVPN nodes, eliminating the need for pre-shared secrets or certificates.
Poly1305 for Message Authentication: This message authentication code ensures data hasn't been tampered with during transmission, protecting against potential man-in-the-middle attacks.
Distributed Network:
Unlike traditional VPNs with centralized servers, NetSepio leverages a network of geographically distributed nodes. User data is encrypted and routed through multiple nodes, obfuscating the origin and destination of traffic, enhancing anonymity.
LibP2P: Our innovative solution is aimed at revolutionizing internet privacy and security. At its core, the project leverages the power of peer-to-peer communication facilitated by libp2p, a cutting-edge networking protocol. This framework enables seamless communication among network participants while prioritizing security and decentralization.
Pub-Sub: Utilizing libp2p's pubsub (publish-subscribe) mechanism, Erebrus facilitates communication channels among network participants and helps to disseminate critical updates and notifications to all nodes in the network. Erebrus Gateway publishes updates to designated topics, while nodes subscribe to these topics to receive relevant information in real-time. This pubsub-based communication model ensures that all nodes are kept informed of important network events and policy changes, fostering a cohesive and responsive network ecosystem.
DHT: In addition, the project harnesses libp2p's Distributed Hash Table (DHT) implementation for peer discovery and routing. DHT enables nodes to locate and connect with other peers by storing key-value pairs distributed across participating nodes. This decentralized approach ensures robust connectivity even without centralized infrastructure, enhancing network resilience.
Node Discovery: Additionally, the project leverages libp2p's Rendezvous mechanism for bootstrap node discovery. Rendezvous enables nodes to discover initial peers by broadcasting queries to the network and receiving responses from nearby nodes. This ensures that new nodes can quickly join the network and establish connections with existing peers, facilitating network growth and resilience.
QUIC: Furthermore, libp2p's support for various transport protocols, including TCP/IP, WebSockets, and QUIC, ensures compatibility and interoperability across different network environments. This flexibility allows the decentralized VPN service to adapt to diverse networking conditions while maintaining a high level of performance and reliability.
Noise Protocol Framework:
NetSepio implements the Noise protocol framework, a secure framework for establishing encrypted connections. This framework ensures perfect forward secrecy, meaning compromised keys from past sessions cannot be used to decrypt future traffic.
Key Management:
NetSepio utilizes a secure key management system. Each user device generates a private key that never leaves the device. Public keys are used for communication with dVPN nodes. This separation ensures user data remains encrypted even if a dVPN node is compromised.
Dynamic Tunneling:
NetSepio’s dVPN establishes dynamic tunnels on-demand. When a user activates the VPN, a connection is established with a pool of available nodes. This dynamic approach helps distribute load across the network and improves overall performance and latency.
For detailed documentation on our dVPN solution, refer to Erebrus.